CVE-2008-0857
published 2008-02-21CVE-2008-0857: SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder…
PriorityP339high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.00%
58.3th percentile
SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| woltlab | burning_board | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2008-3915 kernel: nfsd: fix buffer overrun decoding NFSv4 acl
bugzilla·2008-09-04·CVSS 9.3
CVE-2008-3915 [CRITICAL] CVE-2008-3915 kernel: nfsd: fix buffer overrun decoding NFSv4 acl
CVE-2008-3915 kernel: nfsd: fix buffer overrun decoding NFSv4 acl
Description of problem:
The array allocated in init_state() is not large enough. It is possible to write past the end of the allocated memory.
Discussion:
Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=91b80969ba466ba4b915a4a1d03add8c297add3f
---
Created attachment 315754
Upstream patch for this issue
---
Created attachment 315826
Proposed backported patch for MRG kernel
---
patch queued for -79
---
This was addressed via:
MRG Realtime for RHEL 5 Server (RHSA-2008:0857)
Bugzilla
CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak
bugzilla·2008-08-06·CVSS 2.1
CVE-2008-3272 [LOW] CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak
CVE-2008-3272 kernel snd_seq_oss_synth_make_info leak
Description of problem:
Tobias Klein reported that the snd_seq_oss_synth_make_info() function incorrectly reports information to userspace without first checking for the validity of the device number, leading to possible information leak.
Discussion:
Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=82e68f7ffec3800425f2391c8c86277606860442
---
Created attachment 313512
Upstream patch for this issue
---
This was addressed via:
MRG Realtime for RHEL 5 Server (RHSA-2008:0857)
Red Hat Enterprise Linux version 5 (RHSA-2008:0885)
Red Hat Enterprise Linux version 4 (RHSA-2008:0972)
http://secunia.com/advisories/29020http://securityreason.com/securityalert/3680http://www.securityfocus.com/archive/1/488345/100/0/threadedhttp://www.securityfocus.com/bid/27885https://www.exploit-db.com/exploits/5164http://secunia.com/advisories/29020http://securityreason.com/securityalert/3680http://www.securityfocus.com/archive/1/488345/100/0/threadedhttp://www.securityfocus.com/bid/27885https://www.exploit-db.com/exploits/5164
2008-02-21
Published